Sun Java System Access Manager 2005Q4 
Sample 
 
Main Page

Authentication PostProcessing SPI Sample : ISAuthPostProcessSample

This file explains how to compile , deploy and configure the Authentication Post Processing SPI Sample.

PRODUCT_DIR setting on different Platforms:

  • Solaris Sparc/x86 : PRODUCT_DIR = <install_root>/SUNWam

  • Linux             : PRODUCT_DIR = <install_root>/sun/identity

Steps to compile the ISAuthPostProcessSample Sample program on Solaris Sparc/x86, Linux 

Follow the steps given below to compile the sample found under <PRODUCT_DIR>/samples/authentication/spi/postprocess .
 
  • Set the following environment variables. These variables will be used to run the gmake command. You can also set these variables in the Makefile. This Makefile is in <PRODUCT_DIR>/samples/authentication/spi/postprocess.
    • JAVA_HOME

    • Set this variable to your installation of JDK. The JDK should be version 1.3.1_06 or higher.
       
    • CLASSPATH

    • Set this variable to refer to am_services.jar which can be found in the <PRODUCT_DIR>/lib directory. (Note: Include jaas.jar in your classpath if you are using JDK version less than JDK1.4)
       
    • BASE_DIR

    • Set this variable to the directory where the Access Manager is installed.
       
    • BASE_CLASS_DIR

    • Set this variable to the directory where all the Sample compiled classes are located.
       
    • JAR_DIR

    • Set this variable to the directory where the JAR files of the Sample compiled classes will be created. 
  • Go to the <PRODUCT_DIR>/samples/authentication/spi/postprocess directory and run gmake. 
  • Steps to "deploy" the ISAuthPostProcess Sample program

    • Copy ISAuthPostProcess.jar from JAR_DIR to <PRODUCT_DIR>/lib. 
    • Update Web Container configuration file "server.xml" to add ISAuthPostProcessSample.jar to the classpath. "server.xml" file for different web containers can be found at:

    •  WebServer   -  /<WS-home-dir>/https-<WS-instance-name>/config/
    •  AppServer - /<AS-home-dir>/domain/domain1/server1/config/
          For all other web containers consult their documentation. 

      • Restart web container. 
    • WebServer - /<WS-home-dir>/https-<WS-instance-name>/restart
    • Application Server - /<AS-install-dir>/<domains>/<domain name>/<server instance>/bin/restartserv  (eg. /<AS-home-dir>/domains/domain1/server1/bin/restartserv)
    • For all other web containers consult their documentation. 

    Steps to configure Authentication Post Processing SPI:

          The Authentication PostProcessing Sample can be configured at the Organization,Service or 
           Role level. 
           Configuring ISAuthPostProcess Sample for Organization :
    • Log in to Access Manager console as amAdmin to http://<host>.<domain>:<port>/<Service-Deploy-URI>/UI/Login
    • Select "Access Control" tab.
    • Select the realm. 
    • Select "Authentication" tab. 
    • Click on "Advanced Properties" button. 
    • Add "com.iplanet.am.samples.authentication.spi.postprocess.ISAuthPostProcessSample" to "Authentication PostProcessing Class" attribute 
    • Click on "Save" to save the changes. 
    • Log out 
    • Enter URL http://<host>.<domain>:<port>/<Service-Deploy-URI>/UI/Login(If you choose to use an organization other than the default, please specify that in the URL using the 'org' parameter.) 
    • The postprocessing SPI will get executed on successful authentication, failed authentication and on  Logout. 
    Configuring ISAuthPostProcess Sample for Service:
        • Log in to Access Manager console as amAdmin to http://<host>.<domain>:<port>/<Service-Deploy-URI>/UI/Login
        • Select "Access Control" tab.
        • Select the realm.
        • Select "Authentication" tab.
        • Click "New" button under Configurations. 
        • Define configuration name.
        • Click on the configuration name.
        • Add "com.iplanet.am.samples.authentication.spi.postprocess.ISAuthPostProcessSample" to "Authentication PostProcessing Class" attribute. 
        • Use "Add" button to add modules to this configuration.
        • Click on "Save" to save the changes.
        • Log out 
        • Enter URL http://<host>.<domain>:<port>/<Service-Deploy-URI>/UI/Login?service=<configname> (If you choose to use an organization other than the default, please specify that in the URL using the "org" parameter.) 
        • The postprocessing SPI will get executed on successful authentication,failed authentication and on Logout for the service accessed. 
    Configuring ISAuthPostProcess Sample for Role:
        •  Log in to Access Manager console as amAdmin to http://<host>.<domain>:<port>/<Service-Deploy-URI>/UI/Login
        • Select "Access Control" tab.
        • Select the realm.
        • Select "Subjects" Tab.
        • Select "Roles" tab below the subjects tab
        • Click "New".
        • Enter the role name and click "create".
        • Click on the role name in the "Role" table.
        • Click on "Add" under "Services" and add a "Authentication Configuration".
        • Click "Next".
        • Choose a configuration from the drop down and click "Finish". If the role is configured to use a configuration as defined in "Configuring ISAuthPostProcess Sample for Service" above , then all role based authentication would use "Authentication PostProcessing Class" of that configuration.
        • Invoke the URL http://<host>.<domain>:<port>/<Service-Deploy-URI>/UI/Login?role=<role name>

    On Windows2000

    Steps to compile the ISAuthPostProcessSample program on Windows2000

      • Go to the <install-root>\samples\authentication\spi\postprocess directory and run make. 

    Steps to deploy the ISAuthPostProcessSample Sample program

    • Copy ISAuthPostProcess.jar from JAR_DIR to <install-root>\lib
    • Update classpath with  ISAuthPostProcess.jar  in the Web Container  from which this sample has to run.
    • Restart Access Manager ("<install-root>\bin\amserver start). 

    Steps to configure Authentication Post Processing SPI:

    This sample can be can be set in the Core Auth Service for Organization and  Authentication Configuration Service for Role OR Service. 

    Refer to this in the "Solaris"  section in this document.